Microsoft introduces Project Freta a free tool to detect malware in Linux Kernels
Microsoft Project Freta is a free, cloud-based offering from the New Security Ventures (NSV) team at Microsoft Research that provides automated full-system volatile memory inspection of Linux systems. The new Freta software detects a novel malicious software, kernel rootkits, process hiding, and other intrusion artifacts via agentless operation by operating directly on captured VM snapshots.
The project Freta intends to automate and democratize VM forensics to a point where every user and every enterprise can sweep volatile memory for unknown malware with the push of a button—no setup required. The Freta is very easy to use you just need to submit a captured image to generate a report of its content. The Memory inspection means no software to install, no notice to malware to evacuate, or destroy data.
The goal of this democratization effort is to increase the development cost of undiscoverable cloud malware toward its theoretical maximum. What would happen if a commercial cloud could guarantee the capture of malware, no matter how expensive or exotic, in volatile memory? Producers of stealthy malware would then be locked into an expensive cycle of complete re-invention, rendering such a cloud an unsuitable place for cyberattacks. This is the future we wish to realize.
[Image source: Microsoft]
By using Project Freta, customers will be able to conduct full memory audits of thousands of cloud-based Linux VMs in an automated manner. It will help every user and enterprise to scan volatile memory for malware just at the click of a button with no setup required.
Freta, for now, is a free, cloud-based service that provides “automated full-system volatile memory inspection of Linux systems” by way of VM snapshots. It involves capturing a memory snapshot of the Hyper-V Linux guest OS. However, the Freta portal can also ingest VMware snapshots too.
Project Freta produces a report via the portal as well as its REST and Python application programming interfaces. Project Freta currently consists of an analysis engine that consumes “snapshots of whole-system Linux volatile memory and extracts an enumeration of system objects”, and a sensor built for Azure that lets users move a live VM’s virtual memory to an offline environment for analysis without disrupting execution.
What are your views on Microsoft Project Freta? Do mention in the comment section below. For more news on tech and cybersecurity stay tuned on Android Rookies by subscribing to our newsletter from here.